Wednesday, April 7, 2010

Making the Cloud Trustworthy

Yet another Cloud Security initiative, is an initiative by pioneer computer networking company Novell.

"Mission Statement: To Promote Education, Research and Certification of Secure and Interoperable Identity in the Cloud

The Trusted Cloud Initiative will help cloud providers develop industry-recommended, secure and interoperable identity, access and compliance management configurations, and practices. We well develop reference models, education, certification criteria and a cloud provider self-certification toolset in 2010. This will be developed in a vendor-neutral manner, inclusive of all CSA members and affiliates who wish to participate."

Trusted Cloud focuses on the notion that eventually it will be us users and the industry itself, that will make the Cloud more secure and trustworthy. We need to start trusting the Cloud, we need to start educating users what to and what not to expect when they join the bandwagon of Cloud Computing, we need to reiterate to users that the Cloud is not the solution for the recession, and finally, we need to let them know that Cloud Computing services, may it be Software-as-a-Service (SaaS), Platform-as-A-Service (PaaS) and Infrastructure-as-a-Service (IaaS) is now a mature and capable platform that promotes business and IT objectives alignment. Trusting the Cloud is a win-win situation, but of course with a few caveats.

We just don't have the solid security framework yet to manage and implement effective IT controls. Which is what the guys at and is working on. It might be early, but I would like to thank these guys for driving the Cloud Computing community to the right path of security with a common sense in mind, and not completely reliant on well-known IT controls and "best practices" which does not really scale and apply well to Cloud Computing.


No comments:

Post a Comment

A playground for network security enthusiasts, innovators and early adoptors

Welcome to my blog, this is me thinking out loud about Voice over IP security (VoIP), managing and optimizing converged networks, Metasploit Framework, Cloud Computing, general security and privacy concerns, grappling adventures, and tuning my MKIV VW Jetta.

All inputs, feedbacks and violent reactions are welcome.

Packet Boy Perseus
Helping spread a positive image why we hack things.

About Me

I am an InfoSec Innovator, a Blue Ocean Seafarer and a Paul Graham Pupil.